Claims 



1. A process for configuring, across the Internet, a digital certificate for a network device, the process comprising:

building a secret data encryption key into a network device when the network device is manufactured;

maintaining the secret key and a corresponding unique identifier of the network device in a database server accessible over the Internet;

sending, across the Internet from the network device to the database server, a two-part message wherein the first part contains the unique identifier, the IP address of the network device and a request for a digital certificate, and wherein the first part is encrypted using the built-in secret key, and wherein the second part of the message has at least some of the same information as the first part of the message, including the unique identifier, but is not encrypted;

determining, by the database server, the secret key from the database using the unique identifier received in the second part of the message;

decrypting, using the secret key from the database, the first part of the message;

comparing the information in the decrypted first part of the message with the information in the second part of the message;

comparing the IP address from which the message was received and the IP address specified in the message; and

sending a digital certificate to the network device if the information matches and the IP addresses match.

2. A process for configuring a digital certificate for a network device in a network environment, the process comprising:

embodying a secret key into the device;

storing, by an entity responsible for embodying the secret key, the secret key and a unique identification number of the device in a secure database accessible by the entity and a certificate authority;

receiving, by a certificate authority, a two-part message from the network device requesting a digital certificate wherein the first part of the message includes the unique identification number and the second part of the message is an encryption of the first part of the message encrypted with the secret key;

determining, by the certificate authority, the secret key from the database using the unique identification number;

decrypting, using the secret key from the database, the second part of the message;

comparing the decrypted message with the first part of the message; and

sending a digital certificate to the network device if the two parts match.

3. The process of claim 2 wherein the network device is a fax machine.

4. The process of claim 2 wherein the network device is a printer.

5. The process of claim 2 wherein the network device is a modem. 

6. The process of claim 2 wherein the entity embodying the secret key
and the certificate authority are a same entity.

7. The process of claim 2 wherein the entity embodying the secret key 
is a manufacturer of the network device, and wherein the secret key is 
embodied in the device when the device is manufactured.

8. A network device having a unique identification number, the 
network device comprising: 

a secret key embodied in said network device when the network device is 
manufactured; 

means for generating a two-part message requesting, from a digital
authority, a digital certificate wherein the first part of the message includes the 
unique identification number and the second part of the message is an 
encryption of the first part of the message using the secret key; and 

means for receiving a digital certificate. 

9. The network device of claim 8 wherein the network device is a
printer.

10. The network device of claim 8 wherein the network device is a fax
machine.

11. The network device of claim 8 wherein the network device is a 
modem. 

12. A computer system having a database, the computer system
comprising: 

means for receiving a secret key and a corresponding unique 
identification number of a network device from an entity responsible for 
embodying the secret key into the network device; 

means for storing the secret key and the corresponding unique 
identification number in the database; 

means for receiving a two-part message from the network device
requesting a digital certificate wherein a first part of the message includes the
unique identification number and the second part of the message is an
encryption of the first part of the message encrypted by the network device
using the embodied secret key;

means for accessing the database to find the secret key associated with
the unique identification number from the first part of the message;

means for decrypting the second part of the message using the secret key
from the database;

means for comparing the decrypted second part of the message with the
first part of the message; and

means for sending to the network device a digital certificate if the 
decrypted part of the message matches the first part of the message. 



AM9'97^53 



13. A computer program, on a computer-usable medium, comprising:

means for enabling receipt of a secret key and a corresponding unique identification number of a network device from an entity responsible for embodying the secret key into the network device;

means for causing the secret key and the corresponding unique identification number to be stored in a database;

means for enabling receipt of a two-part message from the network device requesting a digital certificate wherein a first part of the message includes the unique identification number and the second part of the message is an encryption of the first part of the message encrypted by the network device using the embodied secret key;

means for causing an access to the database to find the secret key associated with the unique identification number from the first part of the message;

means for causing a decryption of the second part of the message using the secret key from the database;

means for comparing the decrypted second part of the message with the first part of the message; and

means for causing a digital certificate to be sent to the network device if the decrypted part of the message matches the first part of the message.

14. A method executed in a computer system having a database, the method comprising:

receiving a secret key and a corresponding unique identification number of a network device from an entity responsible for embodying the secret key into the network device;

storing the secret key and the corresponding unique identification number in the database;

receiving a two-part message from the network device requesting a digital certificate wherein a first part of the message includes the unique identification number and the second part of the message is an encryption of the first part of the message encrypted by the network device using the embodied secret key;

accessing the database to find the secret key associated with the unique identification number from the first part of the message;

decrypting the second part of the message using the secret key from the database;

comparing the decrypted second part of the message with the first part of the message; and

sending to the network device a digital certificate if the decrypted part of the message matches the first part of the message.
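
The server-side checks recited in claim 1 (key lookup by the unencrypted identifier, decryption, comparison of the two parts, source-IP comparison), which claims 2 and 12 to 14 share apart from the IP check, as an added Python example that is not part of the patent text. The claims name no cipher, so an HMAC-SHA256 keystream with an authentication tag stands in for it as an assumption; KEY_DB, the device identifier, the key, the IP addresses and every function name are constructed for illustration.

```python
import hashlib, hmac, json, os

# Constructed placeholder: factory key database (unique identifier -> secret key).
KEY_DB = {"DEV-0001": bytes.fromhex("00112233445566778899aabbccddeeff")}

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()  # separate sub-keys

def _xor(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, XORed with data.
    ks = b"".join(hmac.new(_sub(key, b"enc"), nonce + i.to_bytes(4, "big"),
                           hashlib.sha256).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plain):
    nonce = os.urandom(16)
    body = _xor(key, nonce, plain)
    return nonce + body + hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return _xor(key, nonce, body) if hmac.compare_digest(tag, good) else None

def device_request(device_id, key, own_ip):
    # Device side: one part in the clear, one part encrypted with the built-in key.
    clear = json.dumps({"id": device_id, "ip": own_ip, "req": "certificate"},
                       sort_keys=True).encode()
    return {"clear": clear, "sealed": seal(key, clear)}

def ca_decide(msg, source_ip):
    # Server side: the claim's checks in order; any failure refuses the request.
    try:
        clear = json.loads(msg["clear"])
        key = KEY_DB.get(clear["id"])       # key looked up by the unencrypted identifier
    except (ValueError, KeyError, TypeError):
        return "reject: malformed"
    if key is None:
        return "reject: unknown id"
    plain = unseal(key, msg["sealed"])      # decrypt with the key from the database
    if plain is None:
        return "reject: decrypt failed"
    if not hmac.compare_digest(plain, msg["clear"]):
        return "reject: parts differ"       # decrypted part must equal the clear part
    if clear.get("ip") != source_ip:
        return "reject: ip mismatch"        # stated IP must equal the observed source
    return "issue certificate"
```

The claims recite no nonce or timestamp, so none of these checks distinguishes a replayed request; the authentication tag belongs to the stand-in cipher, not to the claims.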